@node-core/utils 5.3.1 → 5.4.0

package/lib/pr_checker.js

@@ -29,6 +29,7 @@ const GITHUB_SUCCESS_CONCLUSIONS = ['SUCCESS', 'NEUTRAL', 'SKIPPED'];
 const FAST_TRACK_RE = /^Fast-track has been requested by @(.+?)\. Please 👍 to approve\.$/;
 const FAST_TRACK_MIN_APPROVALS = 2;
 const GIT_CONFIG_GUIDE_URL = 'https://github.com/nodejs/node/blob/99b1ada/doc/guides/contributing/pull-requests.md#step-1-fork';
+const IGNORED_CHECK_SLUGS = ['dependabot', 'codecov'];
 
 // eslint-disable-next-line no-extend-native
 Array.prototype.findLastIndex ??= function findLastIndex(fn) {
@@ -373,9 +374,9 @@ export default class PRChecker {
 
     // GitHub new Check API
     for (const { status, conclusion, app } of checkSuites.nodes) {
-      if (app && app.slug === 'dependabot') {
-        // Ignore Dependabot check suites. They are expected to show up
-        // sometimes and never complete.
+      if (app && IGNORED_CHECK_SLUGS.includes(app.slug)) {
+        // Ignore Dependabot and Codecov check suites.
+        // They are expected to show up sometimes and never complete.
         continue;
       }
 

package/lib/prepare_security.js

@@ -6,7 +6,6 @@ import {
   NEXT_SECURITY_RELEASE_BRANCH,
   NEXT_SECURITY_RELEASE_FOLDER,
   NEXT_SECURITY_RELEASE_REPOSITORY,
-  PLACEHOLDERS,
   checkoutOnSecurityReleaseBranch,
   commitAndPushVulnerabilitiesJSON,
   validateDate,
@@ -37,22 +36,15 @@ export default class PrepareSecurityRelease {
     const createVulnerabilitiesJSON = await this.promptVulnerabilitiesJSON();
 
     let securityReleasePRUrl;
+    const content = await this.buildDescription(releaseDate, securityReleasePRUrl);
     if (createVulnerabilitiesJSON) {
-      securityReleasePRUrl = await this.startVulnerabilitiesJSONCreation(releaseDate);
+      securityReleasePRUrl = await this.startVulnerabilitiesJSONCreation(releaseDate, content);
     }
 
-    const createIssue = await this.promptCreateRelaseIssue();
-
-    if (createIssue) {
-      const content = await this.buildIssue(releaseDate, securityReleasePRUrl);
-      await createIssue(
-        this.title, content, this.repository, { cli: this.cli, repository: this.repository });
-    };
-
     this.cli.ok('Done!');
   }
 
-  async startVulnerabilitiesJSONCreation(releaseDate) {
+  async startVulnerabilitiesJSONCreation(releaseDate, content) {
     // checkout on the next-security-release branch
     checkoutOnSecurityReleaseBranch(this.cli, this.repository);
 
@@ -87,7 +79,7 @@ export default class PrepareSecurityRelease {
     if (!createPr) return;
 
     // create pr on the security-release repo
-    return this.createPullRequest();
+    return this.createPullRequest(content);
   }
 
   promptCreatePR() {
@@ -143,11 +135,9 @@ export default class PrepareSecurityRelease {
       { defaultAnswer: true });
   }
 
-  async buildIssue(releaseDate, securityReleasePRUrl = PLACEHOLDERS.vulnerabilitiesPRURL) {
+  async buildDescription() {
     const template = await this.getSecurityIssueTemplate();
-    const content = template.replace(PLACEHOLDERS.releaseDate, releaseDate)
-      .replace(PLACEHOLDERS.vulnerabilitiesPRURL, securityReleasePRUrl);
-    return content;
+    return template;
   }
 
   async chooseReports() {
@@ -185,11 +175,11 @@ export default class PrepareSecurityRelease {
     return fullPath;
   }
 
-  async createPullRequest() {
+  async createPullRequest(content) {
     const { owner, repo } = this.repository;
     const response = await this.req.createPullRequest(
       this.title,
-      'List of vulnerabilities to be included in the next security release',
+      content ?? 'List of vulnerabilities to be included in the next security release',
       {
         owner,
         repo,

package/lib/security_blog.js

@@ -232,9 +232,10 @@ export default class SecurityBlog {
   }
 
   getDependencyUpdatesTemplate(dependencyUpdates) {
-    if (!dependencyUpdates) return '';
-    let template = 'This security release includes the following dependency' +
-      ' updates to address public vulnerabilities:\n\n';
+    if (typeof dependencyUpdates !== 'object') return '';
+    if (Object.keys(dependencyUpdates).length === 0) return '';
+    let template = '\nThis security release includes the following dependency' +
+      ' updates to address public vulnerabilities:\n';
     for (const dependencyUpdate of Object.values(dependencyUpdates)) {
       for (const dependency of dependencyUpdate) {
         const title = dependency.title.substring(dependency.title.indexOf(':') + ':'.length).trim();
@@ -330,7 +331,12 @@ export default class SecurityBlog {
         affectedVersions.add(affectedVersion);
       }
     }
-    return Array.from(affectedVersions).join(', ');
+    const parseToNumber = str => +(str.match(/[\d.]+/g)[0]);
+    return Array.from(affectedVersions)
+      .sort((a, b) => {
+        return parseToNumber(a) > parseToNumber(b) ? -1 : 1;
+      })
+      .join(', ');
   }
 
   getSecurityPreReleaseTemplate() {

package/lib/update-v8/applyNodeChanges.js

@@ -1,7 +1,5 @@
 import path from 'node:path';
 
-import { Listr } from 'listr2';
-
 import {
   getNodeV8Version,
   filterForVersion,
@@ -19,10 +17,10 @@ const nodeChanges = [
 export default function applyNodeChanges() {
   return {
     title: 'Apply Node-specific changes',
-    task: async(ctx) => {
+    task: async(ctx, task) => {
       const v8Version = await getNodeV8Version(ctx.nodeDir);
       const list = filterForVersion(nodeChanges, v8Version);
-      return new Listr(list.map((change) => change.task()));
+      return task.newListr(list.map((change) => change.task()));
     }
   };
 }

package/lib/update-v8/backport.js

@@ -4,7 +4,6 @@ import {
 } from 'node:fs';
 
 import inquirer from 'inquirer';
-import { Listr } from 'listr2';
 import { ListrEnquirerPromptAdapter } from '@listr2/prompt-adapter-enquirer';
 
 import { shortSha } from '../utils.js';
@@ -50,8 +49,8 @@ export function doBackport(options) {
 
   return {
     title: 'V8 commit backport',
-    task: () => {
-      return new Listr(todo);
+    task: (ctx, task) => {
+      return task.newListr(todo);
     }
   };
 };
@@ -164,8 +163,8 @@ function applyPatches() {
 function applyAndCommitPatches() {
   return {
     title: 'Apply and commit patches to deps/v8',
-    task: (ctx) => {
-      return new Listr(ctx.patches.map(applyPatchTask));
+    task: (ctx, task) => {
+      return task.newListr(ctx.patches.map(applyPatchTask));
     }
   };
 }
@@ -173,7 +172,7 @@ function applyAndCommitPatches() {
 function applyPatchTask(patch) {
   return {
     title: `Commit ${shortSha(patch.sha)}`,
-    task: (ctx) => {
+    task: (ctx, task) => {
       const todo = [
         {
           title: 'Apply patch',
@@ -188,7 +187,7 @@ function applyPatchTask(patch) {
         }
       }
       todo.push(commitPatch(patch));
-      return new Listr(todo);
+      return task.newListr(todo);
     }
   };
 }

package/lib/update-v8/majorUpdate.js

@@ -1,8 +1,6 @@
 import path from 'node:path';
 import { promises as fs } from 'node:fs';
 
-import { Listr } from 'listr2';
-
 import { getCurrentV8Version } from './common.js';
 import {
   getNodeV8Version,
@@ -19,8 +17,8 @@ import { forceRunAsync } from '../run.js';
 export default function majorUpdate() {
   return {
     title: 'Major V8 update',
-    task: () => {
-      return new Listr([
+    task: (ctx, task) => {
+      return task.newListr([
         getCurrentV8Version(),
         checkoutBranch(),
         removeDepsV8(),

package/lib/update-v8/minorUpdate.js

@@ -2,8 +2,6 @@ import { spawn } from 'node:child_process';
 import path from 'node:path';
 import { promises as fs } from 'node:fs';
 
-import { Listr } from 'listr2';
-
 import { getCurrentV8Version } from './common.js';
 import { isVersionString } from './util.js';
 import { forceRunAsync } from '../run.js';
@@ -11,8 +9,8 @@ import { forceRunAsync } from '../run.js';
 export default function minorUpdate() {
   return {
     title: 'Minor V8 update',
-    task: () => {
-      return new Listr([
+    task: (ctx, task) => {
+      return task.newListr([
         getCurrentV8Version(),
         getLatestV8Version(),
         doMinorUpdate()

package/lib/update-v8/updateV8Clone.js

@@ -1,15 +1,13 @@
 import { promises as fs } from 'node:fs';
 
-import { Listr } from 'listr2';
-
 import { v8Git } from './constants.js';
 import { forceRunAsync } from '../run.js';
 
 export default function updateV8Clone() {
   return {
     title: 'Update local V8 clone',
-    task: () => {
-      return new Listr([fetchOrigin(), createClone()]);
+    task: (ctx, task) => {
+      return task.newListr([fetchOrigin(), createClone()]);
     }
   };
 };

package/lib/update-v8/updateVersionNumbers.js

@@ -1,15 +1,13 @@
 import path from 'node:path';
 import { promises as fs } from 'node:fs';
 
-import { Listr } from 'listr2';
-
 import { getNodeV8Version } from './util.js';
 
 export default function updateVersionNumbers() {
   return {
     title: 'Update version numbers',
-    task: () => {
-      return new Listr([resetEmbedderString(), bumpNodeModule()]);
+    task: (ctx, task) => {
+      return task.newListr([resetEmbedderString(), bumpNodeModule()]);
     }
   };
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@node-core/utils",
-  "version": "5.3.1",
+  "version": "5.4.0",
   "description": "Utilities for Node.js core collaborators",
   "type": "module",
   "engines": {